Upgrade github.com/prebid/prebid-server/privacy/ccpa to version 0.113.0 or higher.
github.com/prebid/prebid-server/privacy/ccpa is an open source implementation of Server-Side Header Bidding.
Affected versions of this package are vulnerable to Information Exposure. Specifically, privacy/ccpa/policy.go and privacy/gdpr/policy.go include code that attempts to generate JSON by concatenating strings. If the us_privacy or consent fields contain the character ", this can produce malformed JSON, or JSON with an unintended structure. An attacker could exploit this bug to trick Prebid Server into mutating an OpenRTB bid request to contain arbitrary data, bypassing validation.
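The bug class described above, as an added example that is not the project's code and does not reproduce policy.go: it contrasts building a us_privacy object by string concatenation with building it through encoding/json, then counts the top-level keys each result parses to. The function names buildByConcat, buildByMarshal and topLevelKeys and the sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// buildByConcat shows the pattern the advisory describes: the field value is
// pasted between quotes with no escaping. Hypothetical helper, not project code.
func buildByConcat(usPrivacy string) string {
	return `{"us_privacy":"` + usPrivacy + `"}`
}

// buildByMarshal lets encoding/json escape the value, so whatever the field
// contains stays inside a single JSON string.
func buildByMarshal(usPrivacy string) (string, error) {
	b, err := json.Marshal(map[string]string{"us_privacy": usPrivacy})
	return string(b), err
}

// topLevelKeys parses doc as a JSON object and returns its number of
// top-level keys, or -1 when doc is not valid JSON.
func topLevelKeys(doc string) int {
	var m map[string]json.RawMessage
	if err := json.Unmarshal([]byte(doc), &m); err != nil {
		return -1
	}
	return len(m)
}

func main() {
	// Constructed sample values: a plain one, one whose quote changes the
	// object's structure, and one whose quote leaves the JSON malformed.
	for _, v := range []string{"1YNN", `1YNN","extra":"x`, `1YN"`} {
		safe, _ := buildByMarshal(v)
		fmt.Printf("%q concat keys=%d marshal keys=%d\n",
			v, topLevelKeys(buildByConcat(v)), topLevelKeys(safe))
	}
}
```

A key count other than 1 on the concatenated output is the "malformed JSON, or JSON with an unintended structure" case; the marshalled output always parses to exactly one key.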